* Mark Wielaard: > On Mon, 2009-06-08 at 15:32 +0200, Mark Wielaard wrote: >> Hi Florian, >> >> On Mon, 2009-06-08 at 15:08 +0200, Florian Weimer wrote: >> > Was the fix for Sun Alert 246387 (aka CVE-2008-5345) included in >> > OpenJDK 6b11? >> >> I believe CVE-2008-5345 is a catch all for a bundle of security update >> patches: >> http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2009-March/005209.html >> which were later folded into OpenJDK6 b16: >> http://mail.openjdk.java.net/pipermail/jdk6-dev/2009-April/thread.html#436 > > Better URLs of the release notes, including CVS numbers: > http://langel.wordpress.com/2009/02/02/icedtea6-14-released/ > and other bug numbers: > http://blogs.sun.com/darcy/entry/openjdk_6_sources_for_b14 > (Note b14, I said b16 before, but that contained other security fixes)
Sorry, but this is way too late to be relevant to my question (which is about b11, not b14): The CVE-2008-5345 fix was not listed explicitly in the b14 round of fixes, otherwise I'd have an isolated patch I could examine.
